Tenable rolls out One for OT/IoT, offers visibility across IT, OT and IoT domains

Tenable announced the release of One for OT/IoT. It is the first and only exposure management platform that provides holistic visibility into assets across IT and operational technology (OT) environments.

The convergence of physical assets and IT – such as HVAC systems in data centres, badge readers in office buildings, cameras on manufacturing floors, and many more – has resulted in a broader cyber attack surface. As IT, OT and IoT assets become increasingly interconnected, cyber attacks are often originating in IT systems and then spreading into OT environments, with potentially devastating results. Today's CISOs find themselves responsible and accountable for securing OT and IoT environments.

One for OT/IoT extends visibility beyond IT, to include OT and IoT, and helps security leaders gain a clear picture of true exposure across their entire attack surface. This first-of-its-kind approach allows organisations to prioritise security risks wherever they reside - be it in the cloud, data centre, or the OT environment - and most importantly, to understand how these risks create attack paths across their infrastructure.

Users can also view their global exposure, including OT assets, to see how their security posture compares to other companies in their industry and gain additional insights from their OT assets to make better decisions, faster.

The Tenable One platform now combines the broadest vulnerability coverage spanning IT assets, cloud resources, containers, web apps, identity systems, OT and IoT assets. It builds on the deep threat intel, regulatory compliance and vulnerability expertise and data from Tenable Research, and adds data analytics to prioritise actions and reduce cyber risk, enabling:

●        Comprehensive visibility beyond the IT environment to the modern attack surface

●        Risk intelligence to mitigate operational risks

●        Actionable planning and decision-making across enterprise and critical infrastructure environments

“On a daily basis we witness threat actors finding creative ways to disrupt businesses through non-traditional paths. Risk doesn’t end at IT. For those that rely on physical computing technology, OT and IoT often power their most business-critical activities. Any disruption is extremely damaging and often results in an inability to function,” explained Amir Hirsh, SVP and general manager of OT Security, Tenable. “We understand that OT environments require a different approach from IT and we’ve designed our security solution so teams no longer have to choose between cybersecurity or productivity. They can have both.”

The threat to OT systems from nation-state actors was recently driven home in a U.S. Congressional hearing in which top leaders from the Cyber and Infrastructure Security Agency (CISA), the FBI, the Office of the National Cyber Director (ONCD) and the National Security Agency (NSA) testified that U.S. electricity systems, water utilities, military organisations and other critical services are actively being targeted by Chinese hacking campaigns. Subsequently, an international advisory confirmed that Volt Typhoon - a People’s Republic of China-sponsored threat actor - has pre-positioned itself on U.S. IT networks to enable lateral movement to OT assets and to disrupt functions.

The Tenable One for OT/IoT license includes not only Tenable One, but a companion license of Tenable OT Security and Tenable Security Center.